1. Field of the Invention
The present invention relates to an information processing device and a portable settlement terminal device used for performing a procedure of settlement processing in a transaction.
2. Description of the Related Art
For example, in a (credit) transaction of goods or services using a credit card, security of the transaction is secured by checking (identity verification) whether a person who performs the transaction is identical to an owner of the credit card used in the transaction. The identity verification is performed as a customer signs a transaction slip where transaction content is printed in settlement processing of the transaction, and a clerk visually compares the customer signature with a signature written on the credit card.
In recent years, a terminal device where such signature input and display can be performed is realized using a smart phone or a tablet terminal. Numerous smart phones or tablet terminals are distributed as consumer products, which enable building of a settlement terminal device provided inexpensively. That is, if such settlement terminal devices can be configured using numerous information terminals that are distributed as the consumer products such as smart phones or tablet terminals, it is possible to provide the settlement terminal devices inexpensively. Further, since generalization of development platforms of applications (software) used in the settlement processing and other work is available, it is easy to reuse or divert development resources.
However, an information terminal designed to be used as a consumer product does not have “tamper resistance” necessary for protecting customer information to safely perform the transaction. The “tamper resistance” refers to resistance against an attack of trying to steal information from the information terminal. In order to secure the tamper resistance as a countermeasure against the attack of trying to steal the information from the information terminal, in a mobile device disclosed in US Patent Unexamined Publication No. 2010/0145854 or Japanese Patent Unexamined Publication No. 2004-355211, a portion relating to authentication information of a card used in settlement processing (referred to as a “secure portion” in US Patent Unexamined Publication No. 2010/0145854, in which the “secure portion” is a portion having necessary tamper resistance as a settlement terminal device) is separated from a generic portion.
However, in the above-mentioned information processing device in the related art, the security is secured in the secure portion, but is generally insufficient in the non-secure portion. Thus, when an unauthorized application is installed in the non-secure portion, there is a possibility that a formal input area where authentication information for identity verification (for example, personal identification number (PIN) or signature) is input is illegally hidden. Further, there is a possibility that another unauthorized input area is displayed by the unauthorized application. In these situations, when a user mistakenly considers the unauthorized input area as a formal input area to input authentication information in the unauthorized input area, there is a possibility that phishing of the authentication information occurs.